We had two issues with ::backdrop which this commit fixes:
::backdrop is unique in that it's the previous sibling to its
originating element, instead of a child of it. This means when that
element's layout node is thrown away, the ::backdrop's is not.
A second issue is that if we do a partial layout rebuild, the
originating element's layout node replaces its previous one, but we
would still append a new layout node for ::backdrop to the root, so it
would appear in front of the originating element.
A related issue is that clear_pseudo_element_nodes() got called on the
element after its ::backdrop had been assigned, so it would immediately
lose track of it again.
To solve this, we now always remove the ::backdrop's layout node. If we
need to create a new one, we insert it before the element's layout node
if it has one, otherwise we append as before. This ensures we only ever
have up to one layout node for the ::backdrop, and it appears behind
its originating element.
To support this, create_pseudo_element_if_needed() has a couple of
changes:
- It returns the node that was created.
- The caller can ask it not to insert the node, so that the caller can
do so (which we use so that we can insert it in a specific place)
Previously, referencing an element that eventually pointed back to
the original <use> element would cause a stack overflow.
We now look at the referenced element and follow every <use> element
in its subtree and aim to detect any duplicates. If so, we consider
that referenced element invalid.
This recovers 750+ WPT subtests that were lost when
https://github.com/web-platform-tests/wpt/pull/56913 was merged and
added new testcases, two of which exposed this crash.
I have added my own testcase instead of importing the affected WPT tests
since they are large and complex, which makes it hard to understand
where the problem is coming from based on them alone. Also this is only
a crash test (i.e. not a different kind) because the tested scenario
doesn't actually behave correctly yet for seemingly unrelated reasons.
It is not guaranteed that an animation is ready to run a pending task
when it is scheduled just because it has a timeline, and even if it is,
the current time when scheduling will not necessarily still be correct
when the task is run (e.g. if the timeline changes in the interim).
We had some tests which relied on the previous behavior which have been
updated to await the pending play task
Fixes a crash in the
/web-animations/interfaces/Animatable/animate-no-browsing-context.html
WPT test but it can't be imported since it relies on a python web server
to be running
I missed when these changes actually happened, but the big differences
here are that a few steps got extracted into their own algorithms; and
the dialog now only does things when it's attached to a fully-active
document, instead of immediately.
I've imported a WPT test that exercises this by calling show() on an
unattached dialog.
There was a crash in JS::CyclicModule::evaluate due to a spec bug that
we worked around years ago (1dc9769f7d).
This bug has now been fixed in ECMA-262. This adds a regression crash
test to ensure we don't crash still after implementing that fix, as this
is really only reachable from an embedder.
This fixes a silly bug where we would crash when parsing a multi-layer
mask shorthand property that contained the no-clip keyword but no value
for mask-origin.
Fixes a crash when parsing the CSS of https://www.browserbase.com/. The
site still has other, unrelated problems though.
In some cases a document may lack an associated window - to fix this for
now we just return false but perhaps there are some media queries we
should still attempt to resolve.
Previously, the first `HTMLHtmlELement` in the given document would
always be used when determining whether to propagate background
properties to the body element. This meant the wrong root element was
used for SVG `foreignObject` elements, which could lead to a crash.
In LayoutState, used_values_per_layout_node should not be modified in
order to determine inline nodes' dimensions - all the required values
should already be in there. In 2585f2da0d
we did accidentally create new values, causing the code further down to
try and get a PaintableBox from an anonymous container and crashing.
Fixes#6015.
Previously we were using the document's window - this was both contrary
to spec and causing crashes when the document did not have a window (for
instance the `temp_document` in `HTMLParser::parse_html_fragment`.
This means we no longer crash when navigating between pages on
https://rocketlabcorp.com
This is everything except some failing ref-tests, and
`css/css-typed-om/the-stylepropertymap/properties/*` because importing
a test for every property feels excessive.
Fixes crash in the created test as well as https://wpt.live/css/css-text
/word-spacing/reference/word-spacing-percent-001-ref.html. The WPT test
hasn't been imported as it passing is currently a false-positive due to
the fact that we don't yet respect `word-spacing` in most cases.
Previously, an SVG with width of zero would have am intrinsic aspect
ratio of zero. With this change, if an SVG has a width or height of
zero, the intrinsic aspect ratio is determined by the SVG's viewbox.
We were passing in byte offsets instead of UTF-16 code unit offsets,
which could lead to crashes if the offsets found exceeded the number of
code units in text fragments on the page.
Fixes#4908.
Co-authored-by: Tim Ledbetter <tim.ledbetter@ladybird.org>
